Enabling access to critical applications and data while maintaining the confidentiality, integrity and availability of these resources can be a daunting task. One of the first steps to completing it is to use network segmentation and access-control methodologies. . . .
Enabling access to critical applications and data while maintaining the confidentiality, integrity and availability of these resources can be a daunting task. One of the first steps to completing it is to use network segmentation and access-control methodologies.

In many environments, defense in depth can be implemented with few incremental equipment costs. Most router and switch vendors provide access-control mechanisms within their products. Although many security professionals would not rely solely on VLANs (virtual LANs) and router ACLs (access-control lists) for Internet-based security controls, their implementation as internal controls can be valuable. The keys are to ensure that these mechanisms are implemented according to your business risks and that they are monitored and maintained.